Another Linux Kernel Flaw Emerges

Researchers have identified a new vulnerability in the Linux kernel that could enable an attacker to take complete control of a vulnerable system. The flaw is in all versions of the 2.4 and 2.6 Linux kernels. It is a NULL pointer dereference that derives from the kernel’s failure to validate a function pointer before dereferencing it. The flaw, discovered by two members of the Google security team, has been fixed by a patch for the Linux kernel that was made available Thursday.

In an advisory posted to the Full Disclosure mailing list, Tavis Ormandy of Google described the details of the vulnerability.

In the Linux kernel, each socket has an associated struct of operations
called proto_ops which contain pointers to functions implementing various
features, such as accept, bind, shutdown, and so on.

If an operation on a particular socket is unimplemented, they are expected
to point the associated function pointer to predefined stubs, for example if
the “accept” operation is undefined it would point to sock_no_accept(). However,
we have found that this is not always the case and some of these pointers are
left uninitialized.
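
The pattern the advisory describes can be shown in a small userspace C model. This is an added illustration, not code from the advisory or the kernel. Every model_* and demo_* name is hypothetical; only the idea of a predefined stub such as sock_no_accept() comes from the advisory. It shows a registration-time audit that fills unset operation slots with stubs, plus a call-site check that validates the pointer before the indirect call.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model only: a trimmed-down stand-in for the kernel's proto_ops. */
struct model_sock;
struct model_proto_ops {
    const char *family;
    int (*accept)(struct model_sock *sk);
    int (*bind)(struct model_sock *sk);
    int (*shutdown)(struct model_sock *sk);
};
struct model_sock { const struct model_proto_ops *ops; };

/* Predefined stubs, playing the role sock_no_accept() plays in the advisory. */
static int model_no_accept(struct model_sock *sk)   { (void)sk; return -EOPNOTSUPP; }
static int model_no_bind(struct model_sock *sk)     { (void)sk; return -EOPNOTSUPP; }
static int model_no_shutdown(struct model_sock *sk) { (void)sk; return -EOPNOTSUPP; }

/* Constructed example of an operation the family really implements. */
static int demo_bind(struct model_sock *sk) { (void)sk; return 0; }

/* Registration-time audit: replace every unset slot with its stub and
 * return how many slots had been left unset. */
int model_ops_fill_stubs(struct model_proto_ops *ops)
{
    int fixed = 0;
    if (!ops->accept)   { ops->accept = model_no_accept;     fixed++; }
    if (!ops->bind)     { ops->bind = model_no_bind;         fixed++; }
    if (!ops->shutdown) { ops->shutdown = model_no_shutdown; fixed++; }
    return fixed;
}

/* Call-site check: validate the pointer before the indirect call. */
int model_accept(struct model_sock *sk)
{
    if (!sk || !sk->ops || !sk->ops->accept)
        return -EOPNOTSUPP;
    return sk->ops->accept(sk);
}

int main(void)
{
    /* Constructed family that implements bind only; accept/shutdown are NULL. */
    struct model_proto_ops ops = { .family = "demo", .bind = demo_bind };
    struct model_sock sk = { .ops = &ops };
    printf("before audit: accept -> %d\n", model_accept(&sk));
    printf("slots fixed: %d\n", model_ops_fill_stubs(&ops));
    printf("after audit:  accept -> %d\n", model_accept(&sk));
    return 0;
}
```

Either check alone keeps the unset slot from being called; doing both means a family that forgets a stub is caught at registration, and a table that slips past the audit still fails closed at the call site.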

This is the second such flaw found in the Linux kernel in the last month. In July another researcher found a flaw in the Linux 2.6 kernel that enabled him to bypass the security protections in the kernel and even defeat the security enhancements in SELinux.

In his advisory, Ormandy laid out some mitigations for the flaw that he and Julien Tinnes discovered.

“Recent kernels with mmap_min_addr support may prevent exploitation if the sysctl vm.mmap_min_addr is set above zero. However, administrators should be aware that LSM based mandatory access control systems, such as SELinux, may alter this functionality. It should also be noted that all kernels up to 2.6.30.2 are vulnerable to published attacks against mmap_min_addr,” he wrote.

About Dennis Fisher

Dennis Fisher is a journalist with more than 13 years of experience covering information security.
